Rowhammer Attacks Come to MLC NAND Flash Memory

The Rowhammer attacks developed by Google more than two years ago put the focus on hardware front and center. That research allowed attackers to flip dynamic random access memory (DRAM) bits in order to induce those memory cells to change their state.

Google’s research enabled kernel-level privilege escalation, one of the most sought-after outcomes to an attack for hackers.

At this week’s Woot ’17 USENIX conference in Vancouver, researchers from IBM advanced that work, demonstrating a filesystem-level version of the attack against MLC NAND flash memory.

“In particular, to motivate the assumptions of this filesystem-level attack, we show the attack primitive that an attacker can obtain by making use of cell-to-cell interference is quite weak, and therefore requires a carefully crafted attack at the OS layer for successful exploitation,” the researchers wrote.

The Rowhammer attacks zero in on weaknesses in deep layers of memory management, and in this case against flash memory, bring a lower barrier to entry.

“We use our knowledge of existing reliability mechanisms in SSDs (including ECC), to show that the attack primitive an attacker can obtain from MLC NAND flash weaknesses is a coarse granularity corruption: unlike in rowhammer, where the attacker can flip a single bit, in the case of this attack the attacker can only corrupt one block of data,” the researchers wrote. “We then show that this weaker attack primitive (when compared to flipping individual bits, which provides a higher level of control to the attacker) is nevertheless sufficient to mount a local privilege escalation attack.”

The flash version of the Rowhammer attack is a local attack, and can be carried out via side-channels, for example. The major weakness in flash being exploited is cell-to-cell interference, which affects the reliability of NAND devices. The interference results from programming voltages interfere with adjacent cells in a memory array, the researchers wrote.

The paper explains how an attacker could program an adjacent page with certain data patterns that maximize such interference.

“Due to the nature of the CCI there are only a few cell state transitions that are possible. Specifically, CCI can cause a cell state to transition only to a larger threshold voltage,” the researchers wrote. “Using CCI, an attacker can program an aggressor page with a maximum interference pattern to cause uncontrolled random modification to all or different fields of cells of the adjacent victim page in a probabilistic manner.”

The researchers identified a challenging road to gain a full-system compromise through a flash vulnerability starting with CCI, then protections in the Flash controller and SSD controller, before targeting and bypassing protections at the OS level before executing a privilege escalation payload against userland.

The researchers also cautioned that the attack could be extended remotely through crafted browser JavaScript.

“Because browsers do allow writes and reads to the filesystem (albeit indirectly), through web content local caching, cookies, or use of the HTML5 storage API, it may be feasible to extend the attack vector presented here to remote attacks,” the researchers said.

While most of this research has been confined to laptops and PCs, academics from VUSec Lab at Vrije Universiteit Amsterdam last October said Rowhammer attacks were possible on mobile ARM-based hardware. The end results of those attacks were root access to Android devices.